On Wednesday, October 17, 2012 12:45:14, Wouter Verhelst wrote:
> On Wed, Oct 17, 2012 at 12:28:14PM -0400, Chris Knadle wrote:
> > On Tuesday, October 16, 2012 05:04:55, martin f krafft wrote:
> > > also sprach Holger Levsen <holger@layer-acht.org> [2012.10.16.0945
+0200]:
> > > > > We have not cared enough for almost 20 years that 9 out of 10
> > > > > binary packages in use (i386 until 2005, amd64 since then) are
> > > > > built on machines that are individually maintained according to
> > > > > widely varying security standards to do anything about it, AFAICT.
> > > >
> > > > your point being?
> > >
> > > That our users don't seem to care, and that probably is why we
> > > haven't done anything about it.
> >
> > Out of curiosity, how would a user /know/ whether a package has been
> > built via a buildd rather than on a DD's local machine?
>
> Everyone can check buildd.debian.org for the lack of a build log on a
> particular architecture for a given version. That's a fairly good
> indicator.
Okay that's good to know. Thanks.
I'm glad this came up again now, because the discussion has explained some of
the detial behind some of the statements I've heard at DebConfs concerning
"Debian will be using source-only uploads `any day now`". ;-)
-- Chris
--
Chris Knadle
Chris.Knadle@coredump.us